On 23/11/2003, at 5:35 PM, Kelly McTiernan wrote:
> You really should make this an option, and not force people to access as non-root users. You guys are C programmers - remember: the assumption is the programmer knows what he's doing? Anyone who can get all of this working can probably make that decision on his own.
There's a fundamental security aspect missing here. You should NEVER use root unless you really have to (e.g., binding to ports under 1024). The only time Courier uses root is to bind to the ports; then it forks off to the appropriate user. The huge security bonus is that if the software is compromised, there are only a few times when it has access that could cripple the system. Also, as all your mail users have the same uid/gid on their maildirs, it's possible that they could read other users' e-mail if such a bug were found.
And yes, many of us are programmers as well as systems administrators, but not everyone who installs Courier is. I have only a limited understanding of C. We do need to protect those who do not have this knowledge, e.g. those starting their first mail server (hence Courier refuses to build as root, and such things. Irritating, but it has changed my work practices for the better).
This may not make a huge amount of sense, but basically, root is there to be used when it has to be used, not as a convenience. If I could figure out how (mostly a time thing at the moment) I'd remove root login from my Linux server. sudo works fine.
-- Phillip Hutchings [EMAIL PROTECTED] http://www.sitharus.com/
